Switch branches/tags
Nothing to show
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This project contains a number of tests that show how an Apache CXF service endpoint can use the CXF Failover feature, to authenticate to different Apache Syncope instances.

  1. Pre-requisites

1.a) Mysql

Install MySQL in $SQL_HOME and create a new user for Apache Syncope. We will create a new user "syncope_user" with password "syncope_pass". Start MySQL and create a new Syncope database:

Start: sudo $SQL_HOME/bin/mysqld_safe --user=mysql
Log on: $SQL_HOME/bin/mysql -u syncope_user -p
Create a Syncope database: create database syncope; 

1.b) Apache Tomcat

Download Apache Tomcat + extract it twice (calling it first-instance + second-instance). In both, edit 'conf/context.xml', and uncomment the the "" configuration. Add the following configuration:

Edit 'conf/server.xml' of the second instance, and change the port to "9080", and change the other ports to avoid conflict with the first Tomcat instance.

Edit 'conf/tomcat-users.xml' of both instances and add the following:

Next download the MySQL JDBC jar and place it in the lib directory of both Tomcat instances.

1.c) Install Syncope

Download and run the Syncope installer:


Install it to Tomcat using MySQL as the database. For more info on this, follow this link:


Run this twice to install Syncope in both Apache Tomcat instances.

1.d) Update the Syncope instances to share the same database

Next edit 'webapps/syncope/WEB-INF/classes/persistenceContextEMFactory.xml' and change the openjpa.RemoteCommitProvider to:

and for the second instance:

1.e) Add users

In the first Tomcat instance running on 8080, go to http://localhost:8080/syncope-console, and add two new roles "employee" and "boss". Add two new users, "alice" and "bob" both with password "security". "alice" has both roles, but "bob" is only an "employee".

  1. FailoverAuthenticationTest

This tests using Syncope as an IDM for authentication. A CXF client sends a SOAP UsernameToken to a CXF Endpoint. The CXF Endpoint has been configured (see cxf-service.xml) to validate the UsernameToken via the SyncopeUTValidator, which dispatches the username/passwords to Syncope for authentication via Syncope's REST API.

The SyncopeUTValidator is configured with the address of the primary Syncope instance ("first-instance" above running on 8080). It is also configured with a list of alternative addresses to try if the first instance is down (in this case the "second-instance" running on 9080).

The test makes two invocations. The first should successfully authenticate to the first Syncope instance. Now the test sleeps for 10 seconds after prompting you to kill the first Syncope instance. It should successfully failover to the second Syncope instance.